In my previous post I mentioned the release of Image Uploader 5.1 (and 4.7), which has a number of security fixes (a few known heap overflows and a bunch of potential problems). To prevent malicious persons from exploiting these issues, we are releasing a killbit for all versions and strongly recommend that each Image Uploader customer get an update (which is free for the appropriate major build).
A few words about the killbit. I have already given some comments on what a killbit is and why we should use it in the "Image Uploader is safe again" post. Now let's see how the killbit is installed on a client machine. There are three ways:
- The killbit is set along with the new version. When the new ActiveX control is downloaded and installed, the old CLSIDs become disabled.
- The killbit can be installed manually. To do this, just download the AurigmaKillbit.reg file and run it (may require administrative rights).
- The killbit will be installed with Internet Explorer security updates. I cannot give an exact time frame for this until I get approval from Microsoft, but it will happen no earlier than 2-3 months from now.
Below is the list of CLSIDs that are killbitted, along with their alternate CLSIDs.
Standard builds:

| Product | Old CLSID | New CLSID |
|---|---|---|
| Image Uploader 4 | 6E5E167B-1566-4316-B27F-0DDAB3484CF7 | EDFCB7CB-942C-4822-AF14-F0B687409848 |
| Image Uploader 5 | BA162249-F2C5-4851-8ADC-FC58CB424243 | 5D637FAD-E202-48D1-8F18-5B9C459BD1E3 |
| Upload Items 4 | 652623DC-2BB4-4C1C-ADFB-57A218F1A5EE | FB5C74A8-48D0-42A3-B47F-6896F94DFC21 |
| Upload Items 5 | 9275A865-754B-4EDF-B828-FED0F8D344FC | 59BA14C3-B5CD-4DFF-8256-25961756B9B4 |
| File Downloader | E1A26BBF-26C0-401d-B82B-5C4CC67457E0 | D6216AB8-9FF8-47C6-A2E7-49491B39C857 |
Private-label builds, Image Uploader 4:
Private-label builds, Upload Items 4:
Private-label builds, File Downloader
6C095616-6064-43ca-9180-CF1B6B6A0BE4 BC9C7884-D1F5-4E67-80F2-C67AE8C62701
If you have a private-label version and do not see your CLSID there, please contact us at info@aurigma.com.
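To confirm that the killbit actually landed on a client machine, whichever of the three ways delivered it, the following added example (not Aurigma's code) checks the standard-build CLSID pairs listed on this page. It assumes the killbit is recorded in the usual Internet Explorer location: the `ActiveX Compatibility` key, with bit `0x400` of `Compatibility Flags` set and the replacement control named in `AlternateCLSID`; the contents of AurigmaKillbit.reg itself are not shown on this page.

```powershell
# Added example: report whether the kill bit is set for the standard-build CLSIDs.
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

# Old CLSID -> replacement CLSID, copied from the "Standard builds" rows on this page.
$Pairs = [ordered]@{
    '{6E5E167B-1566-4316-B27F-0DDAB3484CF7}' = '{EDFCB7CB-942C-4822-AF14-F0B687409848}' # Image Uploader 4
    '{BA162249-F2C5-4851-8ADC-FC58CB424243}' = '{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}' # Image Uploader 5
    '{652623DC-2BB4-4C1C-ADFB-57A218F1A5EE}' = '{FB5C74A8-48D0-42A3-B47F-6896F94DFC21}' # Upload Items 4
    '{9275A865-754B-4EDF-B828-FED0F8D344FC}' = '{59BA14C3-B5CD-4DFF-8256-25961756B9B4}' # Upload Items 5
    '{E1A26BBF-26C0-401d-B82B-5C4CC67457E0}' = '{D6216AB8-9FF8-47C6-A2E7-49491B39C857}' # File Downloader
}

# 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node copy,
# so both registry views have to carry the kill bit.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

function Get-KillBitStatus {
    param([string]$Root, [string]$OldClsid, [string]$NewClsid)

    # A missing key means no kill bit has been installed for this CLSID.
    $props = Get-ItemProperty -LiteralPath "$Root\$OldClsid" -ErrorAction SilentlyContinue
    $flags = if ($props) { $props.'Compatibility Flags' } else { $null }
    $alt   = if ($props) { $props.AlternateCLSID } else { $null }

    [pscustomobject]@{
        View        = if ($Root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
        OldClsid    = $OldClsid
        KillBitSet  = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        # -eq on strings is case-insensitive, which matches how CLSIDs compare.
        AlternateOk = ($alt -eq $NewClsid)
    }
}

$report = foreach ($root in $Roots) {
    foreach ($old in $Pairs.Keys) {
        Get-KillBitStatus -Root $root -OldClsid $old -NewClsid $Pairs[$old]
    }
}
$report | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag machines that still need the killbit.
if ($report | Where-Object { -not $_.KillBitSet }) { exit 1 }
```

Private-label customers can add their own old and new CLSID pair to `$Pairs` in the same brace-wrapped form.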
UPDATE (03/27/2008):
A few other CLSIDs were added to this killbit (see below). No more changes will be made to it, though.
Also, I have received confirmation from Microsoft that these CLSIDs will be killbitted in June.
| Build | Old CLSID | New CLSID |
|---|---|---|
| Private-label builds, Image Uploader 4 | A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98 | B48C6F3D-3AB9-4DAA-A24C-7D6570FFACEC |
| Private-label builds, Image Uploader 4 | 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0 | 23E0446E-BFBD-4E70-97F1-25549A1F284E |
| Private-label builds, Upload Items 4 | E4C97925-C194-4551-8831-EABBD0280885 | 0E519CCA-A262-4EC1-BD7F-AEB9168F0EAB |
| Private-label builds, Upload Items 4 | CC7DA087-B7F4-4829-B038-DA01DFB5D879 | F7D4E441-BC09-4592-8CC3-75C0558187F5 |